WE CLAIM: 



1. A method for authorizing a network device, comprising:
determining an attribute based, in part, on a capability of the network
device;

generating an attribute certificate based, in part, on the attribute; 
storing the attribute certificate including the attribute; and 
if the attribute certificate is valid, authorizing access to a resource over a 
network based, in part, on the attribute associated with the attribute certificate. 

2. The method of Claim 1, wherein the attribute is further determined based, 
in part, on an automated security scan of the network device. 

3. The method of Claim 1, wherein the attribute is further determined based,
in part, on a condition to be satisfied. 

4. The method of Claim 1, wherein the attribute is further associated with a 
group of network devices. 

5. The method of Claim 1, wherein the attribute is further associated with a 
group of users. 

6. The method of Claim 1, wherein the attribute certificate is generated by at
least one of the network device, an access server, and an attribute authority. 

7. The method of Claim 1, wherein the attribute certificate is stored in at 
least one of the network device, and an attribute repository. 

8. The method of Claim 7, wherein the attribute certificate is provided to an 
access server through the use of at least one of a cookie, a program, and a manual upload. 

9. A network device for managing authorization to a resource over a
network, comprising: 

a first component configured to generate an attribute certificate, wherein 
the attribute certificate is based, in part, on a capability of another network device; 

a second component, coupled to the first component, configured to store 
the attribute certificate; and 

a third component, coupled to the second component, configured to 
authorize the other network device to the resource over the network based, in part, on the 
attribute of the other network device associated with the attribute certificate. 

10. The network device of Claim 9, wherein the first component is further 
configured to generate the attribute certificate based on a condition to be satisfied. 

11. The network device of Claim 9 further comprising a fourth component
that is configured to perform an automated security scan of the other network device. 

12. The network device of Claim 11, wherein the first component is further
configured to generate the attribute certificate based on the automated security scan of the 
other network device. 

13. The network device of Claim 9, wherein the second component is further 
configured to send the attribute certificate to the other network device to be stored, and 
the third component is further configured to receive the attribute certificate.

14. A network device for managing authorization to a resource over a 
network, comprising: 

a means for generating an attribute certificate, wherein the attribute 
certificate is based on a capability of another network device; 

a means for storing the attribute certificate; and 

a means for authorizing the other network device to the resource over the
network based, in part, on the attribute of the other network device associated with the 
attribute certificate. 






